Given that I've been adhering more and more to what has become the leading edge of a communication paradigm shift, which I'll take the liberty of terming HyperLink It Or Lose It, below is a response I wrote to an email with some appreciated positive...

Recently, I've heard from several AppScan users that it's not entirely obvious how to "Publish" results from either AppScan Source Edition or AppScan Standard Edition to the AppScan Enterprise Console where both sets of results can be viewed,...

After the relatively successful F4F expedition into Mapping The MVC-3.0 Controllers, where we generated Tainted Callbacks for each of the Controllers found, in effect simulating calls WITH user-controllable or Tainted data. With this skeleton of the...

One of the main advantages of having a full Continuous Integration environment integrated with the security scanning tools, all running together on a central server (pronounced “Mainframe”) is the ability for customization to take place, such as the...

Following my previous venture, more accurately 'wander', into Extending WAFL - ASP.NET MVC and a very cool, tangential trip off into Continuous Integration Land, I'm now re-gaining focus on using the AppScan Source Framework-4-Frameworks (F4F) APIs to...

To illustrate a real world application for the technique described in Application Injection, we are going to use the O2 REPL functionality to modify the running process, in real-time, to add a Source Edition Results Plug-in to AppScan Standard. The...

Getting back to the task of adding support for the ASP.NET MVC framework and following the advice of the architects of the language: “Details of writing and deploying an F4F handler that uses the F4F high-level APIs are described in the AppScan...

Last Episode: After having configured our Continuous Integration platform, Team City, and integrating GitHub as both the source code control system as well as the eventual build and scanning artifact repository, we were able to properly trigger an Ant...

As detailed in my previous post The AppScan Appliance - Design and Architecture I noted several components that I consider crucial steps in the development of the AppScan Appliance Proof of Concept. One of the first major milestones will be the creation...

Here is a pretty funny and/or really serious (depending on your frame of reference) utility that exploits a low level SMTP vulnerability by design. In effect, this allows one to send an email FROM ANY ADDRESS, as long as the domain doesn't actually...

Findings / Entrypoint Viewer with URL Mapping Tool
Following up on my previous, high-level overview of the Web Application Framework Language (WAFL) and how it is incorporated into an AppScan Source Analysis, I want to demonstrate a tool which uncovers one...

AppScan Source has a [not-so] secret weapon in the Battle for Visibility: WAFL
The Web Application Framework Language (WAFL) was designed as a Framework for Frameworks (F4F) by the Ounce Analysis Engine Team to model the effects that modern frameworks have...